updated from git log for upcoming release

Dirk Wetter 2015-08-14 13:34:45 +02:00
parent 58a1c1c1da
commit 8bc2909899


@ -9,24 +9,30 @@ It is working on every Linux distribution out of the box with some limitations o
On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see [testssl.sh](https://testssl.sh/ "Go to the site with the stable version and more documentation"). On github you will find in the master branch the development version of the software -- with new features and maybe some bugs. For the stable version and a more thorough description of the software please see [testssl.sh](https://testssl.sh/ "Go to the site with the stable version and more documentation").
New features in the upcoming stable release 2.6 are: New features in the soon upcoming stable release 2.6 are:
* display matching key (HPKP) * display matching key (HPKP)
* LOGJAM 1: check DHE_EXPORT cipher * LOGJAM 1: check DHE_EXPORT cipher
* LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers * LOGJAM 2: displays DH(/ECDH) bits in wide mode on negotiated ciphers
* "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name * "wide mode" option for checks like RC4, BEAST. PFS. Displays hexcode, kx, strength, DH bits, RFC name
* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit)
* OS X binaries (@jvehent, new builds: @jpluimers)
* ARM binaries (@f-s))
* TLS_FALLBACK_SCSV check -- Thx @JonnyHightower * TLS_FALLBACK_SCSV check -- Thx @JonnyHightower
* (HTTP) proxy support! -- Thx @jnewbigin * (HTTP) proxy support! -- Thx @jnewbigin
* Extended validation certificate detection * Extended validation certificate detection
* Run in default mode through all ciphers at the end of a default run * Run in default mode through all ciphers at the end of a default run
* will test multiple IP adresses in one shot, --ip=<adress|"one"> restricts it accordingly * will test multiple IP adresses in one shot, --ip=<adress|"one"> restricts it accordingly
* provide a --file option where testssl.sh commands are being read from -- for mass testing
* can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams). * can scan STARTTLS+XMPP by also supplying the XMPP domain (to-option in XML streams).
* support of sockets for STARTTLS protocols (with exception of SSLv2 you need to supply EXPERIMENTAL=yes)
* mass testing file option ``--file``, see https://twitter.com/drwetter/status/627619848344989696 * mass testing file option ``--file``, see https://twitter.com/drwetter/status/627619848344989696
* TLS time for STARTTLS protocols * TLS time and HTTP time stamps
* TLS 1.0-1.1 as socket per default in production * TLS time displayed also for STARTTLS protocols
* binary directory provides out of the box better binaries (Linux 32+64 Bit, Darwin 64 bit, FreeBSD 64 bit) * support of sockets for STARTTLS protocols (with exception of SSLv2 you need to supply EXPERIMENTAL=yes)
* LibreSSL fixes, still not recommended to use though (see https://testssl.sh/) * TLS 1.0-1.1 as socket checks per default in production
* further detection of security relevant headers (reverse proxy, IPv4 addresses), proprietary banners (OWA, Liferay etc.)
* LibreSSL fixes, still not recommended to use though (see https://testssl.sh/)
* lots of fixes, code improvements
Currently we're running 2.6rc1. means it's feature freeze and latest bugs are being squashed. Currently we're running 2.6rc1. means it's feature freeze and latest bugs are being squashed.
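
Review bot: the feature list in this hunk names the `--file` mass-testing option in two separate entries ("provide a --file option where testssl.sh commands are being read from -- for mass testing" and "mass testing file option ``--file``"), and the "support of sockets for STARTTLS protocols" entry also shows up twice in the lines visible here. A release list should name each feature once, so I'd fold each pair into a single bullet. Smaller points in the same list: "ARM binaries (@f-s))" has a stray closing parenthesis, "soon upcoming" is redundant, and "adresses" / "adress" in the `--ip` entry should read "addresses" / "address" while this section is being reworked.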